diff options
Diffstat (limited to 'pkg/database')
-rw-r--r-- | pkg/database/password.go | 8 | ||||
-rw-r--r-- | pkg/database/users.go | 25 | ||||
-rw-r--r-- | pkg/database/users_test.go | 73 |
3 files changed, 101 insertions, 5 deletions
diff --git a/pkg/database/password.go b/pkg/database/password.go index d24183d..10abe4b 100644 --- a/pkg/database/password.go +++ b/pkg/database/password.go @@ -12,3 +12,11 @@ func hashPassword(password string) (string, error) { } return string(bytes), nil } + +func checkPassword(hash string, password string) error { + err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password)) + if err != nil { + return newPasswordError(err) + } + return nil +} diff --git a/pkg/database/users.go b/pkg/database/users.go index 3f75f62..10e6416 100644 --- a/pkg/database/users.go +++ b/pkg/database/users.go @@ -45,3 +45,28 @@ func (env *DBEnv) CreateUser(reg *model.UserRegistration) (*model.User, error) { } return &user, nil } + +// Login logs a user in if the password matches the hash in database +// a PasswordError is return if the passwords do not match +// a QueryError is returned if the username contains invalid sql characters like % +func (env *DBEnv) Login(login *model.UserLogin) (*model.User, error) { + query := `SELECT id, password, email FROM users WHERE username = $1;` + user := model.User{Username: login.Username} + var hash string + err := env.db.QueryRow( + query, + login.Username, + ).Scan( + &user.Id, + &hash, + &user.Email, + ) + if err != nil { + return nil, newQueryError("Could not run database query", err) + } + err = checkPassword(hash, login.Password) + if err != nil { + return nil, err + } + return &user, nil +} diff --git a/pkg/database/users_test.go b/pkg/database/users_test.go index 4b87d90..b1197db 100644 --- a/pkg/database/users_test.go +++ b/pkg/database/users_test.go @@ -32,18 +32,17 @@ func TestCreateUser(t *testing.T) { // Test cases testCases := []struct { name string - db *DBEnv input *model.UserRegistration expected int expectedError interface{} }{ - {"Normal user", db, &normalUser, 1, nil}, - {"Duplicate user", db, &normalUser, 0, &QueryError{}}, - {"Normal user 2", db, &normalUser2, 2, nil}, + {"Normal user", &normalUser, 1, nil}, + {"Duplicate user", &normalUser, 0, &QueryError{}}, + {"Normal user 2", &normalUser2, 2, nil}, } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { - valid, err := tc.db.CreateUser(tc.input) + valid, err := db.CreateUser(tc.input) if tc.expectedError != nil { require.Error(t, err) assert.Equalf(t, reflect.TypeOf(err), reflect.TypeOf(tc.expectedError), "Invalid error type. Got %s but expected %s", reflect.TypeOf(err), reflect.TypeOf(tc.expectedError)) @@ -109,3 +108,67 @@ func TestCreateUserWithSQLMock(t *testing.T) { }) } } + +func TestLogin(t *testing.T) { + user1 := model.UserRegistration{ + Username: "user1", + Password: "user1_pass", + Email: "user1", + } + user2 := model.UserRegistration{ + Username: "user2", + Password: "user2_pass", + Email: "user2", + } + // test db setup + db, err := InitDB("sqlite3", "file::memory:?_foreign_keys=on") + require.NoError(t, err) + err = db.Migrate() + require.NoError(t, err) + _, err = db.CreateUser(&user1) + require.NoError(t, err) + _, err = db.CreateUser(&user2) + require.NoError(t, err) + // successful logins + loginUser1 := model.UserLogin{ + Username: user1.Username, + Password: user1.Password, + } + loginUser2 := model.UserLogin{ + Username: user2.Username, + Password: user2.Password, + } + // a failed login + failedUser1 := model.UserLogin{ + Username: user1.Username, + Password: user2.Password, + } + // Query error + queryError := model.UserLogin{ + Username: "%", + } + // Test cases + testCases := []struct { + name string + input *model.UserLogin + expectedError interface{} + }{ + {"login user1", &loginUser1, nil}, + {"login user2", &loginUser2, nil}, + {"failed login", &failedUser1, &PasswordError{}}, + {"query error", &queryError, &QueryError{}}, + } + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + valid, err := db.Login(tc.input) + if tc.expectedError != nil { + require.Error(t, err) + assert.Equalf(t, reflect.TypeOf(err), reflect.TypeOf(tc.expectedError), "Invalid error type. Got %s but expected %s", reflect.TypeOf(err), reflect.TypeOf(tc.expectedError)) + require.Nil(t, valid) + } else { + require.NoError(t, err) + assert.Equal(t, tc.input.Username, valid.Username) + } + }) + } +} |